1. Field of Invention
Public key encryption with large key sizes (e.g., RSA) is usually required for creating acceptable levels of security for message processing over an insecure network, such as the Internet. The present invention relates to a system and method for increasing the efficiency of secure message processing over such insecure networks. More specifically, the present invention relates to a system and method for reducing the level of encryption required in a network for message exchanges. Even more specifically, the present invention relates to processing electronic cash transactions in a secure manner while substantially reducing the computational requirements for encryption.
2. Description of the Prior Art
Various methods for increasing the security of communications over insecure networks, such as the Internet, have been disclosed. An insecure network does not protect messages from observation, interception, and manipulation. On the other hand, secure networks offer various means to reduce the opportunity for observation, interception, and/or manipulation of messages.
For example, channel message security schemes (such as secure HTTP ("S-HTTP") and Secure Socket Layer (SSL) protocol) are intended to create confidence in two communicating parties that they are who they say they are and that their communications are private. SSL utilizes digitally signed certificates to provide authentication and security by heavily encrypting each message. S-HTTP relies on digitally signed messages using a heavy encryption key to ensure security and authentication.
A number of multi-party protocols have been proposed for credit transactions, most notably Secure Transport Technology (STT), Internet Keyed Payments (IKP), and Secure Electronic Payment Protocol (SEPP). All of these approaches are built around a credential issuing authority and require that both merchants and customers be authenticated by the credential issuing authority which in turn has been authenticated by a higher authority. In STT, merchants and customers each have two sets of RSA of keys, one to be used to sign messages and one used to encrypt and decrypt symmetrical keys. Thus, in this system, each party needs two certificates (one for each key). A merchant will have a pair of credentials for each credit card it accepts. SEPP and IKP use RSA encryption differently; but, like STT, utilize multiple public key signatures and encryptions per transaction.
Another system has been described under the name "NetBill." While the NetBill approach is less reliant on public key encryption than others, it still requires public key signatures throughout a transaction.
Another approach is that of DigiCash. In the DigiCash model, the user creates a random number, which acts like a serial number for a digital coin. Like the other proposed systems, DigiCash achieves its primary objective of a secure, anonymous cash payment system by requiring heavy reliance on modular exponentiation (which is the basis for other public key techniques such as RSA encryption). It also requires a bank or third party to create tokens that have intrinsic value. It is uncertain how such a system will be treated under banking, tax, and currency laws in the United States and other jurisdictions.
Other systems, such as Mondex, implement security through the use of hardware connected to the user's computer. For Internet transactions, a proprietary card reader must be added to the computers of all customers and merchants who will use a particular card.
The reliance on encryption, especially public key encryption, whether based in software or hardware comes at a price: the greater the use of encryption, the greater the processing effort required to decrypt messages. Where message processing costs are important, such as in commercial network payment transaction, processor and hardware costs can become a significant deterrent to using networks such as the Internet for secure communications.
The current art can only achieve acceptable security with the concomitant high cost of processor time, additional hardware, or both. What is needed to encourage the development of insecure networks such as the Internet for commercial use is a software-based system that offers reduced processing costs of encrypted messages while maintaining an acceptable level of security for the communications being transmitted.